CISSP - ACCESS CONTROL SYSTEMS & METHODOLOGY
ACCESS CONTROL
Protects data from unauthorized access
Confidentiality - no unauthorized reads
Integrity - no unauthorized writes
Subject
- An entity that requests access to data (active)
Object
- An entity that contains or controls data (passive)
Least Privilege
Grant subjects only enough access to perform their required tasks
The goal is to minimise accidental authorization
Accountability
Log each subject's access to everything
Ensure subjects adhere to the security policy
Prevent unauthorized behaviour
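Added example (not part of the original study notes): a small reference monitor that ties the concepts above together. Subjects (active) request "read" or "write" on objects (passive); the policy grants only the rights each subject needs and denies everything else (least privilege, deny by default); every decision, granted or denied, is logged (accountability). Reads correspond to confidentiality, writes to integrity. The subjects, objects and policy entries (clerk, auditor, intern, payroll.csv) are constructed for illustration.

```python
"""Minimal reference monitor demonstrating subject/object access checks,
least privilege (deny by default) and accountability (audit logging).
All names and policy entries are constructed sample data."""

from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

READ, WRITE = "read", "write"


@dataclass
class ReferenceMonitor:
    # policy: (subject, object) -> set of permitted operations.
    # Anything not listed is denied, which is least privilege in practice.
    policy: Dict[Tuple[str, str], FrozenSet[str]]
    audit_log: List[str] = field(default_factory=list)

    def check(self, subject: str, obj: str, op: str) -> bool:
        """Return True only if the policy explicitly grants `op`."""
        allowed = op in self.policy.get((subject, obj), frozenset())
        # Accountability: record every attempt, granted or denied,
        # so a later review can show who tried to touch what.
        verdict = "GRANT" if allowed else "DENY"
        self.audit_log.append(f"{verdict} subject={subject} object={obj} op={op}")
        return allowed

    def denied_attempts(self) -> List[str]:
        """Denied entries are the ones a reviewer looks at first."""
        return [entry for entry in self.audit_log if entry.startswith("DENY")]


def build_demo_monitor() -> ReferenceMonitor:
    # Constructed sample policy: a payroll clerk may read and write the
    # payroll file; an auditor may only read it; nobody else is listed.
    policy = {
        ("clerk", "payroll.csv"): frozenset({READ, WRITE}),
        ("auditor", "payroll.csv"): frozenset({READ}),
    }
    return ReferenceMonitor(policy=policy)


def run_demo() -> dict:
    """Exercise the monitor and return the decisions plus log statistics."""
    rm = build_demo_monitor()
    results = {
        "clerk_read": rm.check("clerk", "payroll.csv", READ),
        "auditor_read": rm.check("auditor", "payroll.csv", READ),
        # Integrity: the auditor must not be able to write.
        "auditor_write": rm.check("auditor", "payroll.csv", WRITE),
        # Confidentiality: an unlisted subject must not be able to read.
        "intern_read": rm.check("intern", "payroll.csv", READ),
    }
    results["denied_count"] = len(rm.denied_attempts())
    results["log_entries"] = len(rm.audit_log)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Note that the log records denied attempts as well as granted ones; a monitor that only logged successes would not support accountability, because the attempts that matter most for detecting policy violations are the ones that were refused.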
Physical Access
Controls (safeguards that protect an object from a threat)
3 types of object controls:
physical access controls
logical access controls
administrative access controls
Physical access controls
Controls that limit physical access to objects
Examples:
Perimeter security
Fences
Walls
Limited-access doors / rooms
Locked doors
Cable Security
Shielding from interference and emanations
Cabling media choice (fiber optic)
Conduit or other physical protection
Segregation of duties
Minimize "shoulder surfing"
Keeps a single person from completing a sensitive process on their own
Administrative Access
Policies & Procedures
Security awareness training
Hiring practices
Monitoring
Logical Access
Technical controls
Object access restrictions
Only allow access by authorized users
Encryption
Only allow authorized users to read data
Network architecture / segregation
Use architecture to keep network segments separate